Is PCI DSS a global standard?
The PCI DSS is a global standard, with compliance expected of any entity that stores, processes or transmits cardholder data, regardless of geographic location. Each payment brand manages their PCI …
Latest changes to PCI SSC frequently asked questions.
Fees for validation services are set independently by the PA-QSAs.
The requirements for Payment Application Data Security Standard (PA-DSS) are derived from the Payment Card Industry Data Security Standard (PCI DSS). This document details what is required for a merchant …
The Council encourages organizations to seek professional guidance in achieving compliance and completing the Self-Assessment Questionnaire. Please recognize that, while you are free to use any security professional of your …
Please visit www.pcisecuritystandards.org and download/complete the application for joining the Council. Once your application fee is received and your organization has been approved as a new Participating Organization, you will …
The intent of this requirement is to address the acceptability of disk encryption for rendering cardholder data unreadable. Disk encryption encrypts data stored on a computer’s mass storage and automatically …
According to payment brand rules, all merchants and their service providers are required to comply with the PCI Data Security Standard in its entirety. There are five PCI Data Security …
The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers who are permitted by the payment brands to self-evaluate their compliance with …
Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance with PA-DSS. A list of PA-QSAs is available on the Council website. A …
The intent of this requirement is to prevent someone from using an unattended console/PC to gain unauthorized access to the user’s computer and accounts, and/or the company’s network. This does …